Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pfsense pfsense plus vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE prior to 2.6.0 and pfSense Plus prior to 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
Pfsense Pfsense Plus
Pfsense Pfsense
6.1
CVSSv3
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and previous versions, and pfSense Plus software versions 21.05 and previous versions) allows a remote malicious user to inject an arbitrary script via a malicious URL.
Netgate Pfsense Plus
Pfsense Pfsense
9.8
CVSSv3
CVE-2023-27100
Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows malicious users to bypass brute force protection mechanisms via crafted web requests.
Netgate Pfsense Plus 22.05.1
Pfsense Pfsense 2.6.0
2 Github repositories
8.8
CVSSv3
CVE-2023-42326
An issue in Netgate pfSense v.2.7.0 allows a remote malicious user to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components.
Netgate Pfsense
Netgate Pfsense Plus
8.8
CVSSv3
CVE-2022-24299
Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions before 2.6.0 and pfSense Plus software versions before 22.01) allows a remote attacker with the privilege to change OpenVPN client or server settings to execute an arbitrary comma...
Netgate Pfsense Plus
Netgate Pfsense
8.8
CVSSv3
CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote malicious user to execute arbitrary code via a crafted request to the packet_capture.php file.
Netgate Pfsense
Netgate Pfsense Plus
1 Github repository
8.8
CVSSv3
CVE-2022-26019
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions before 2.6.0 and pfSense Plus software versions before 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, wh...
Netgate Pfsense Plus
Netgate Pfsense
6.1
CVSSv3
CVE-2022-29273
pfSense CE up to and including 2.6.0 and pfSense Plus prior to 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
Netgate Pfsense
5.9
CVSSv3
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
9 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started